secure-214903pvw4164.online-check-001.su
2606:4700:3036::ac43:c578
Malicious Activity!
Public Scan
Effective URL: https://secure-214903pvw4164.online-check-001.su/my-accounts/L-1666129700634f1f24de20b
Submission: On November 17 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by E1 on November 13th 2022. Valid for: 3 months.
This is the only time secure-214903pvw4164.online-check-001.su was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Bank of America (Banking)

Domain & IP information

IP Address | AS (Autonomous System) | Requests
---|---|---
167.89.118.35 | AS11377 (SENDGRID) | 1
119.18.54.40 | AS394695 (PUBLIC-DOMAIN-REGISTRY) | 1
2606:4700:3036::ac43:c578 | AS13335 (CLOUDFLARENET) | 14
2a00:1450:4001:80e::200a | AS15169 (GOOGLE) | 1

Total: 15 HTTP transactions (the per-IP counts also include the two redirect responses).

AS11377 (SENDGRID, US), PTR o16789118x35.outbound-mail.sendgrid.net: u29705079.ct.sendgrid.net
AS13335 (CLOUDFLARENET, US): secure-214903pvw4164.online-check-001.su
Apex Domain | Subdomains | Requests | Transfer
---|---|---|---
online-check-001.su | secure-214903pvw4164.online-check-001.su | 14 (1 redirect) | 255 KB
googleapis.com | ajax.googleapis.com (Cisco Umbrella Rank: 304) | 1 | 34 KB
lamture.com | lamture.com | 1 | 235 B
sendgrid.net | u29705079.ct.sendgrid.net | 1 (redirect) | 232 B

Total: 15 HTTP transactions across 4 domains.
Domain | Requests | Requested by
---|---|---
secure-214903pvw4164.online-check-001.su | 14 (1 redirect) | lamture.com, secure-214903pvw4164.online-check-001.su
ajax.googleapis.com | 1 | secure-214903pvw4164.online-check-001.su
lamture.com | 1 |
u29705079.ct.sendgrid.net | 1 (redirect) |

Total: 15 HTTP transactions across 4 domains.
This site contains no links.
TLS certificates

Subject | Issuer | Validity | Valid for
---|---|---|---
lamture.com | R3 | 2022-10-21 to 2023-01-19 | 3 months
*.online-check-001.su | E1 | 2022-11-13 to 2023-02-11 | 3 months
upload.video.google.com | GTS CA 1C3 | 2022-11-02 to 2023-01-25 | 3 months

R3 and E1 are Let's Encrypt intermediates (RSA and ECDSA respectively), so both the intermediate hop and the phishing host use free, automatically issued 90-day certificates. The phishing certificate is a wildcard for *.online-check-001.su, which lets the operator create fresh single-label hosts such as secure-214903pvw4164.online-check-001.su without any new issuance appearing in Certificate Transparency logs; the wildcard itself (issued November 13th 2022) is the entry to look for on crt.sh. The GTS CA 1C3 (Google Trust Services) certificate belongs to the ajax.googleapis.com request.
This page contains 1 frame:
Primary Page: https://secure-214903pvw4164.online-check-001.su/my-accounts/L-1666129700634f1f24de20b
Frame ID: 0DC9AC63D8BDB23ECFF18ACD8B0965E0
Requests: 15 HTTP requests in this frame

Screenshot

Page Title: 4d553cc922b018fba132619369ce8d5de01c39d6 (a 40-character hex string rather than a human-readable title, which a legitimate bank login page would carry)
Detected technologies
jQuery (JavaScript Libraries), detected by these patterns (group 1, where present, is the version):
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
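As an added example (not urlscan's or Wappalyzer's code), the Python below applies the two patterns above to the document, script and stylesheet URLs copied from this scan's HTTP transaction list, to show which requests trigger the jQuery fingerprint and which of them carry a version the first pattern can extract. The function names `fingerprint` and `summarize` and the `REQUEST_URLS` subset are this example's own; the patterns and URLs are the report's.

```python
# Added example: run the page's jQuery fingerprint patterns over the scan's request URLs.
import re
from urllib.parse import urlsplit

# The two detection patterns shown on the page. Group 1, when it participates,
# is the version string (the CDN path form, or a ?ver= / ?version= query).
JQUERY_PATTERNS = [
    re.compile(r"/([\d.]+)/jquery(?:\.min)?\.js"),
    re.compile(r"jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?"),
]

PHISH = "https://secure-214903pvw4164.online-check-001.su/my-accounts/"
# Document, script and stylesheet requests from the transaction list (images omitted).
REQUEST_URLS = [
    PHISH + "L-1666129700634f1f24de20b",
    PHISH + "assets/css/styles.css",
    PHISH + "assets/js/jquery.min.js",
    PHISH + "assets/js/jquery.mask.js",
    PHISH + "assets/js/jquery.inputmask.bundle.min.js",
    "https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js",
    PHISH + "assets/js/Pc.js",
]


def fingerprint(urls, patterns=JQUERY_PATTERNS):
    """Return [(url, version_or_None)] for each URL matched by any pattern.

    The first matching pattern wins, as a pattern list is normally evaluated;
    a match whose version group did not participate yields None.
    """
    hits = []
    for u in urls:
        for pat in patterns:
            m = pat.search(u)
            if m:
                hits.append((u, m.group(1)))
                break
    return hits


def summarize(hits):
    """Group hits by host: which hosts serve jQuery-looking scripts, and what
    version (if any) the URL itself proves."""
    by_host = {}
    for u, ver in hits:
        host = urlsplit(u).hostname
        entry = by_host.setdefault(host, {"scripts": [], "versions": set()})
        entry["scripts"].append(u.rsplit("/", 1)[-1])
        if ver:
            entry["versions"].add(ver)
    return by_host
```

Four of the seven URLs match: the three first-party jquery*.js files hit only the broad second pattern and expose no version, while the ajax.googleapis.com path matches the first pattern and yields 1.12.4. A filename-based fingerprint only says what the page loads, not what the code does; here it confirms the kit bundles its own jQuery plugins alongside a CDN copy.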
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

- https://u29705079.ct.sendgrid.net/ls/click?upn=JwYa6YJZnPFmUY-2FRqYc67qbGbhkSYpbraAsrkeLZklWgLTUOWJfxe86H4RlovsKiqYH7_QjY5r8shDZ0uRkxz8Bv-2B-2B18RKwEz28uO-2FXprZBCSZ2yMG3JMrEEFkVg4rHoceydiV4vzFcYZLqtg2bLV9uM-2BN39z-2BzBL3xtu-2Bc65X6T89n7S7rWFZcHL7nw9a2xpKn-2BUf-2BdKh8PY1a2fUttYlay-2FgmUSYvFt3cGlSuHUHON2SyJVyYlz7xQ41Gr8lHXR3NkVBRjE-2F-2BfzY9RbXsC5aVcD0LUdzmnyr8smXgJ5FDy1mAMUWYiyFE-2BMFO89vBb3YvMhQ7dDnStL2gtq8l2IgDK-2BubwzVLQjroVpf4TFYzpKfqO1VJ2sjt42JQLeFEUDjCWrV2u5zBRrCwbuR3waTT1iKdKGkFe7XNmuaYC0h-2BdOxO5YqZt2XUWI22FwW7HzrieN2ZGCKZicBnkW2FdQKcsP1H4Ek4rBtI6d1t38CHLZcAWjjm2TgGPXBcutKhfO-2Fmg6K-2B5Ye3rKRkvAhHwjKT-2FNWRNzm4k6TOMBnX7S-2F8pDMHe-2BtyjHm8r4ZhNtTp8XR4IKM1UjhngvLdrTZaBw8IblW9GzCmC3IiJcEEDKbeaJ0dtbiPj9WsRY3BwEELQP678MGCCT4-2BHJ2IZQGcWvsnWxp2leKZax9xBq2XuJFuBaodygFcmSSsCIZOzZziZRdlv7IDfLaZzDyIyYt6EE0nVmMGOCbUG-2BaVJafoWQpm2g5-2Fk431h3DLiN35GpRTaXLa05eSLaaGZq09RJw9RcnaEqRasKiCalkaROX8JLaLqSUJHWi76YOKee5YmWiMndPU7X3hTj-2BDvpoYFkahGinMJC9RxUPm5W1bYdMYPBtSfi-2BVOiFfoBQx0rxlPvI9RuQCzY1dStGniIoYuy2MgTWv1h4TWpb-2FVd-2B7qqGiaYbaOKsTA-3D (HTTP 302 to the next URL)
- https://lamture.com/lexirexie (Page URL; left by a client-side navigation, not an HTTP redirect)
- https://secure-214903pvw4164.online-check-001.su/my-accounts/ (HTTP 302 to the next URL)
- https://secure-214903pvw4164.online-check-001.su/my-accounts/L-1666129700634f1f24de20b (Page URL, final)

Reading the chain: the lure was delivered through a SendGrid click-tracking link (ct.sendgrid.net), whose opaque upn token is resolved by SendGrid into a 302 to lamture.com/lexirexie. That page is recorded as a Page URL rather than as an HTTP redirect, and the transaction list shows it as a 110-byte text/html document, which is consistent with a meta refresh or a JavaScript location change onto the phishing host; a fetcher that only follows Location headers would stop there and never see the Bank of America page. The phishing host then 302-redirects /my-accounts/ to a token-suffixed path, L-1666129700634f1f24de20b, so the final URL is a poor blocklist key while the apex domain online-check-001.su and the wildcard-certificate host are the stable indicators.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0: the u29705079.ct.sendgrid.net click-tracking URL listed above, HTTP 302 to https://lamture.com/lexirexie
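The Python below is an added example, not urlscan.io code: it reconstructs a chain of this shape offline by following HTTP 3xx Location hops and also recognising the two client-side hop types the Page URL History description mentions (meta refresh and JavaScript location changes). Everything it fetches is constructed: the SendGrid upn token is a placeholder, the HTML attributed to lamture.com is an assumed meta refresh (the scan shows only a 110-byte HTML document at that hop, not its content), the final page body is a stand-in, and `Response`, `fake_fetch`, `follow_chain` and `hosts_in_chain` are this example's own names.

```python
# Added example (not urlscan.io code): walk a redirect chain mixing HTTP 3xx hops
# with client-side hops (meta refresh / JavaScript), against a constructed transport.
import re
from dataclasses import dataclass
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


@dataclass
class Response:
    status: int
    headers: dict
    body: str = ""


class _MetaRefresh(HTMLParser):
    """Collect the first <meta http-equiv="refresh" content="N;url=..."> target."""
    target = None

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and not self.target and a.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*[\"']?([^\"';]+)", a.get("content", ""), re.I)
            if m:
                self.target = m.group(1).strip()


# JS navigation idioms: location = "..", window.location.href = "..", location.replace("..").
_JS_NAV = re.compile(
    r"(?:window\.|document\.|top\.|self\.)?location(?:\.href)?\s*=\s*[\"']([^\"']+)[\"']"
    r"|location\.(?:replace|assign)\(\s*[\"']([^\"']+)[\"']\s*\)", re.I)


def client_side_target(html):
    """Return (url, kind) for a client-side redirect in an HTML body, else (None, None)."""
    p = _MetaRefresh()
    p.feed(html)
    p.close()
    if p.target:
        return p.target, "meta-refresh"
    m = _JS_NAV.search(html)
    return ((m.group(1) or m.group(2)), "javascript") if m else (None, None)


def follow_chain(url, fetch, max_hops=10):
    """Return [(url, how_it_was_left), ...]. fetch(url) gives a Response or None.
    3xx + Location is a server-side hop; a body with a meta refresh or JS navigation
    is a client-side hop; anything else is final. Loops and unknown URLs are flagged."""
    hops, seen = [], set()
    while url and len(hops) < max_hops:
        if url in seen:
            hops.append((url, "loop"))
            break
        seen.add(url)
        resp = fetch(url)
        if resp is None:
            hops.append((url, "unresolved"))
            break
        loc = next((v for k, v in resp.headers.items() if k.lower() == "location"), None)
        if 300 <= resp.status < 400 and loc:
            hops.append((url, f"HTTP {resp.status}"))
            url = urljoin(url, loc)
            continue
        target, kind = client_side_target(resp.body)
        if not target:
            hops.append((url, "final"))
            break
        hops.append((url, kind))
        url = urljoin(url, target)
    return hops


def hosts_in_chain(hops):
    """Distinct hostnames in order of first appearance (the network indicators)."""
    out = []
    for u, _ in hops:
        h = urlsplit(u).hostname
        if h and h not in out:
            out.append(h)
    return out


# Constructed transport mirroring this scan's chain. The tracker token is a
# placeholder; the lamture.com body is an ASSUMED meta refresh (the scan shows
# only a 110-byte HTML document at that hop); the final page body is a stand-in.
PHISH = "https://secure-214903pvw4164.online-check-001.su"
TRACKER = "https://u29705079.ct.sendgrid.net/ls/click?upn=PLACEHOLDER"
TRANSPORT = {
    TRACKER: Response(302, {"Location": "https://lamture.com/lexirexie"}),
    "https://lamture.com/lexirexie": Response(200, {"Content-Type": "text/html"},
        '<html><head><meta http-equiv="refresh" content="0;url=' + PHISH
        + '/my-accounts/"></head><body></body></html>'),
    PHISH + "/my-accounts/": Response(302, {"Location": "/my-accounts/L-1666129700634f1f24de20b"}),
    PHISH + "/my-accounts/L-1666129700634f1f24de20b": Response(200, {"Content-Type": "text/html"},
        '<html><body><form method="post"><input name="userId">'
        '<input type="password" name="pw"></form></body></html>'),
}


def fake_fetch(url):
    """Stand-in for an HTTP client: look the URL up in the constructed transport."""
    return TRANSPORT.get(url)
```

`follow_chain(TRACKER, fake_fetch)` yields four hops labelled HTTP 302, meta-refresh, HTTP 302 and final, and `hosts_in_chain` returns the three hostnames the report lists for this chain. The point of the client-side branch is the second hop: a crawler that only honours Location headers ends at lamture.com/lexirexie and attributes the campaign to the wrong host, which is why a rendering scanner such as urlscan records that transition as a new Page URL rather than a redirect.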
15 HTTP transactions

Method / Protocol | Resource | Path | Size / Transfer | Type / MIME-Type
---|---|---|---|---
GET H2 | lexirexie (redirect chain) | lamture.com/ | 110 B / 235 B | Document, text/html
GET H2 | L-1666129700634f1f24de20b (primary request, redirect chain) | secure-214903pvw4164.online-check-001.su/my-accounts/ | 6 KB / 2 KB | Document, text/html
GET H3 | styles.css | secure-214903pvw4164.online-check-001.su/my-accounts/assets/css/ | 511 KB / 69 KB | Stylesheet, text/css
GET H3 | jquery.min.js | secure-214903pvw4164.online-check-001.su/my-accounts/assets/js/ | 87 KB / 32 KB | Script, application/javascript
GET H3 | jquery.mask.js | secure-214903pvw4164.online-check-001.su/my-accounts/assets/js/ | 20 KB / 6 KB | Script, application/javascript
GET H3 | jquery.inputmask.bundle.min.js | secure-214903pvw4164.online-check-001.su/my-accounts/assets/js/ | 116 KB / 29 KB | Script, application/javascript
GET H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/1.12.4/ | 95 KB / 34 KB | Script, text/javascript
GET H3 | b_rgb.png | secure-214903pvw4164.online-check-001.su/my-accounts/assets/img/ | 38 KB / 39 KB | Image, image/png
GET H3 | m_l.png | secure-214903pvw4164.online-check-001.su/my-accounts/assets/img/ | 19 KB / 19 KB | Image, image/png
GET H3 | Pc.js | secure-214903pvw4164.online-check-001.su/my-accounts/assets/js/ | 5 KB / 2 KB | Script, application/javascript
GET H3 | fsd-secure-esp-sprite.png | secure-214903pvw4164.online-check-001.su/my-accounts/assets/img/ | 473 B / 981 B | Image, image/png
GET H3 | help-qm-fsd.png | secure-214903pvw4164.online-check-001.su/my-accounts/assets/img/ | 3 KB / 4 KB | Image, image/png
GET H3 | sign-in-sprite.png | secure-214903pvw4164.online-check-001.su/my-accounts/assets/img/ | 3 KB / 4 KB | Image, image/png
GET H3 | gfootb-static-sprite.png | secure-214903pvw4164.online-check-001.su/my-accounts/assets/img/ | 48 KB / 48 KB | Image, image/png
GET H3 | gfoot-home-icon.png | secure-214903pvw4164.online-check-001.su/my-accounts/assets/img/ | 144 B / 649 B | Image, image/png

Size is the decoded resource size and Transfer the bytes on the wire (compressed body plus headers), which is why the 511 KB stylesheet transfers as 69 KB while tiny images transfer more than their size. Everything on the phishing host is served over HTTP/3 (the Cloudflare front), while lamture.com and the Google CDN speak HTTP/2. The kit ships its own jquery.min.js together with jquery.mask.js and the jquery.inputmask bundle (input-masking libraries for formatted form fields) and additionally loads jQuery 1.12.4 from ajax.googleapis.com.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against Bank of America (Banking)

11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and the page's own code.

Name | Type
---|---
$ | function
jQuery | function
Inputmask | function
cMsg | function
getID | function
hide | function
domStyle | function
userId | function
checkPassword | function
hasWhiteSpace | function
onlyNumbers | function

$, jQuery and Inputmask belong to the libraries loaded above; the other eight are the kit's own code. Names such as userId, checkPassword, hasWhiteSpace and onlyNumbers point to client-side validation of a credential form, which is consistent with the brand verdict.
1 Cookie
Cookies are small pieces of information stored in the user's browser. When the user visits the site again, the browser sends the cookie values back, which lets the site re-identify the user even from a different location. This is how persistent logins work.

Domain / Path | Expires | Name | Value
---|---|---|---
secure-214903pvw4164.online-check-001.su/ | none (session cookie) | PHPSESSID | fc5930a656460b36d55b08e25d36559d

PHPSESSID is PHP's default session cookie name, so the kit's server side is most likely PHP; the name is configurable, so treat it as a hint rather than proof.

1 Console Message
A page may log messages to the console. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, domains, hashes, etc. It does not imply that any of these indicate malicious activity.

- ajax.googleapis.com
- lamture.com
- secure-214903pvw4164.online-check-001.su
- u29705079.ct.sendgrid.net
- 119.18.54.40
- 167.89.118.35
- 2606:4700:3036::ac43:c578
- 2a00:1450:4001:80e::200a